PingID integration for Windows login 2.2 (April 08, 2019)
Enhancements
PingID support for FIDO2 Security Keys extended to Windows login
FIDO2 and U2F compatible security keys enable relying parties to offer a strong cryptographic second factor option for end user security, and to take advantage of the security benefits of FIDO2 technology. PingID now supports FIDO2 and U2F security keys for authentication with Windows login.
See (Legacy) Configuring the FIDO2 security key for PingID, in the PingID Admin Guide and Using a security key (FIDO2) for authentication in the PingID User Guide.
Known issues and limitations
- Authentication via security key not permitted for Window Login via RDP
-
It is not possible to authenticate with a security key when accessing Windows Login via Remote Desktop, due to current limitations with FIDO2.
- Trust domain relationship failure may prevent login to Windows
-
In the event of a trust domain relationships failure, in some cases, after successful second factor authentication, the user may see an ERROR_TRUSTED_RELATIONSHIP_FAILURE error and may not be able to access their account.
- Second factor authentication with PingID for Windows Hello
-
Microsoft does not currently support the addition of second factor authentication when using the Windows Hello biometric login flow.
-
For PingID for Windows Login v2.2 integration and higher, if Windows Hello biometric authentication is enabled, users can either:
-
Log in using Windows Hello biometric authentication only.
-
Authenticate with their username and password. When authenticating with username and password, PingID can be used for second factor authentication.
-
-
PingID for Windows Login v2.1 and lower does not support authentication with Windows Hello when Windows Hello is in biometrics mode.
-